Virtual Private Networking
106
N300 Wireless ADSL2+ Modem Router DGN2200v3
tunnel request. Otherwise, the side using a dynamic IP address has to always be the
initiator.
• Which method will you use to configure your VPN tunnels?
- The VPN Wizard using VPNC defaults (see Table 5, Parameters Recommended by the VPNC and Used in the VPN Wizard on page 106).
- The typical automated Internet Key Exchange (IKE) setup (see Use Auto Policy to Configure VPN Tunnels on page 125).
- A manual keying setup in which you need to specify each phase of the connection (see Use Manual Policy to Configure VPN Tunnels on page 132).
Table 5. Parameters Recommended by the VPNC and Used in the VPN Wizard

Parameter                    Factory Default Setting
---------------------------  -----------------------
Secure Association           Main Mode
Authentication Method        Pre-Shared Key
Encryption Method            3DES
Authentication Protocol      SHA-1
Diffie-Hellman (DH) Group    Group 2 (1024 bit)
Key Life                     8 hours
IKE Life Time                1 hour

• What level of IPSec VPN encryption will you use?
- DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.
- 3DES. Triple DES achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• What level of authentication will you use?
- MD5. 128 bits, faster but less secure.
- SHA-1. 160 bits, slower but more secure.
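
The following Python sketch is an added example, not part of the NETGEAR manual: it checks the settings of both ends of a tunnel against the Table 5 defaults and reports parameters that are missing, differ between the two ends, depart from the defaults, or use the options this page calls less secure (DES, MD5). The "Parameter: value" text format and the sample gateway settings are assumptions made for the illustration.

```python
# Added example: audit two IPSec gateways' settings against Table 5.
# Names and values come from the table; the "Parameter: value" text format
# and the sample settings below are constructed for illustration.
VPNC_DEFAULTS = {
    "secure association": "main mode",
    "authentication method": "pre-shared key",
    "encryption method": "3des",
    "authentication protocol": "sha-1",
    "diffie-hellman (dh) group": "group 2 (1024 bit)",
    "key life": "8 hours",
    "ike life time": "1 hour",
}
# Choices this page itself describes as "less secure".
LESS_SECURE = {"encryption method": "des", "authentication protocol": "md5"}

def parse_settings(text):
    """Parse 'Parameter: value' lines into a dict with lower-cased keys/values."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'Parameter: value' line: {line!r}")
        settings[name.strip().lower()] = value.strip().lower()
    return settings

def audit(local_text, remote_text):
    """Return sorted findings as (kind, parameter, detail) tuples."""
    local, remote = parse_settings(local_text), parse_settings(remote_text)
    findings = []
    for name, default in VPNC_DEFAULTS.items():
        a, b = local.get(name), remote.get(name)
        if a is None or b is None:
            findings.append(("missing", name, f"local={a} remote={b}"))
            continue
        if a != b:  # the two ends of the tunnel disagree
            findings.append(("mismatch", name, f"local={a} remote={b}"))
        for side, value in (("local", a), ("remote", b)):
            if value != default:
                findings.append(("non-default", name, f"{side}={value}"))
            if LESS_SECURE.get(name) == value:
                findings.append(("less-secure", name, f"{side}={value}"))
    return sorted(findings)

# Constructed sample: local end uses the Table 5 defaults, remote uses DES/MD5.
LOCAL = "\n".join(f"{k}: {v}" for k, v in VPNC_DEFAULTS.items())
REMOTE = LOCAL.replace("3des", "des").replace("sha-1", "md5")
for finding in audit(LOCAL, REMOTE):
    print(*finding, sep=" | ")
```
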
VPN Tunnel Configuration
There are two tunnel configurations and three ways to configure them:
• Use the VPN Wizard to configure a VPN tunnel (recommended for most situations):
- See Set Up a Client-to-Gateway VPN Configuration on page 107.
- See Set Up a Gateway-to-Gateway VPN Configuration on page 117.
• See Use Auto Policy to Configure VPN Tunnels on page 125 when the VPN Wizard and its VPNC defaults are not appropriate for your special circumstances, but you want to automate the Internet Key Exchange (IKE) setup.